Closed morphly closed 5 years ago
Thanks for the fix!
You're welcome. Our SecOps already love the reduced runtime with the fix. Maybe if I find the time I'll give it a spin with the negative Caching, so those queries are only sent one time to even further optimize the run times.
I have created https://github.com/BloodHoundAD/SharpHound/pull/40 with a fix for a potential DoS attack in bigger environments with large AD databases.
The query triggered by Util.cs Line 261 "entry = DoSearch($"(securityidentifier={dSid})", SearchScope.Subtree, new[] { "cn" }, useGc: true)" will iterate through every object for the whole directory partition. Whats even worse is that there is no negative caching, meaning that the query will be fired up multiple times even if it did not return any results.